How to make Splunk web understand web port is natted ?



my Splunk instance is running on standard port 8000 with user splunk.(on Linux)
web ssl activated

port 8000 is unreachable from users (blocked by firewall)
port 443 is open

As such, I can't modify splunk web to run on port 443

I've added a iptables redirect from port 443 to 8000 (ie nat)

this is working well but I need to tell Splunk that it is only reachable on port 443 and not 8000

I've tried unsucessfully :
- set tools.proxy.base (in web.conf) to https:://myserver/
- idem + tools.proxy.on = True
- tools.proxy.base = https://myserver:443/ + tools.proxy.on = True

However, I can still see urls with :8000 in it (like when restarting Splunk service from splunk web interface)

Any idea what is the good settings to teach Splunk web how to reach the web interface including protocol scheme + hostname + port ?

Tags (1)
0 Karma


thanks for the answer.

Yes, web.conf looks like the place it should be.

The settings I've tried are from here and taken from the spec file + some posts I've found on answers site.(but I may have missed the good one !)

This is something like a reverse proxy configuration.

0 Karma

Splunk Employee
Splunk Employee

Ok! Sounds like web.conf might be the right file for these settings. Let me know if, after adjusting more of the settings in web.conf, you aren't able to get the right configuration. It's also possible to open a support ticket for more troubleshooting.

Also, you might have already seen this, but just FYI: this older post went into a lot of detail on a reverse proxy configuration and addressed some differences in software versions 5 and 6:

All best,

Splunk Employee
Splunk Employee

Hi @matthieu_araman,
I'm a tech writer here at Splunk and would like to help with your question. Have you tried reviewing/adjusting more of the configurations in web.conf? Here is the spec file.

In particular, settings for:
httpport =
mgmtHostPort =

  • various settings for SSL protocol/versions

Seem like they might be of help here...Again, not sure if you've already checked these.

This documentation topic on changing the web and management port settings via Splunk Web might also be of use:

I hope this helps! Please let me know if not--we can continuing discussing this.

All best,